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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.1 14, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 2/2/2009 has been entered. 

Response to Amendment 

Claims 2-3 have been cancelled. Applicant's arguments/amendments with respect to the 
pending claims filed 2/2/2009 have been fully considered but are moot in view of new grounds 
rejection. 

Response to Arguments 
Applicants contend that "Muttik is limited to running emulation code on a closed 
system." Examiner respectfully disagrees. Although the terminology "open platform computer 
system" is not specifically used, Muttik et al. do not teach that the system is limited to a 
particular type of software or received on a "closed" system as Applicants contend. Muttik et al. 
teach that any software received and potentially malicious is analyzed, thus Muttik et al. support 
an "open platform computer system" for performing the claimed steps. Furthermore, the term 
"open platform" to describe the computer system is broad and therefore broadly interpreted 
(according to MPEP 21 1 1) to mean open to receiving software from various independent 
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sources, i.e. not closed to a software received from a particular environment. Thus, the 
combination of Muttik et al. and Brody et al. teach the claimed limitations. 

Still further, Examiner would like to note that, in view of KSR, the Supreme Court 
emphasized that there is a "need for caution in granting a patent based on the combination of 
elements found in the prior art," Id. at 1739. The Supreme Court also reaffirmed principles that 
the "combination of familiar elements according to known methods is likely to be obvious when 
it does no more than yield predictable results." Examiner would also like to note in view of KSR 
that merely using an "open platform" computing system is not patentably distinct from the prior 
art because using this type of architecture with a portable computing device was commonly 
known in the art at the time the invention was made as supported by US Patent 6,481,632 which 
is a reference cited, not used. 

Due to the reasons stated above, the Examiner maintains rejections with respect to the 
pending claims. The prior arts of records taken singly and/or in combination teach the limitations 
that the Applicant suggests distinguish from the prior art. Therefore, it is the Examiner's 
conclusion that the pending claims are not patentably distinct or non-obvious over the prior art of 
record as presented. 

Claim Objections 

Claim 8 is objected to because of the following informalities: In lines 6 and 16 of the 
claim, Applicants refer to "the computer system" where Examiner presumes Applicants intended 
to refer back to "the open platform computer system" which was previously introduced in the 
claim. Appropriate correction is required. 
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Claim Rejections - 35 USC § 112 

I. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

II. Claim 19 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. The term "intended" in reference to the program residing on the network "in a 
fashion intended to be secure" is indefinite since the scope of that term is relative based on the 
interpretation. 

Claim Rejections - 35 USC §103 

III. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability 
shall not be negatived by the manner in which the invention was made. 

IV. Claims 1, 4-5, 7-13, 15-18, and 20-21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Muttik et al, US Patent No. 6,907,396 and further in view of Brody, US Pub. 
No. 2001/0051928. 

As per claim 1 : 

Muttik et al. teach a method of ensuring the security of an open platform computer 
system, comprising loading software suitable for operating on an open platform computer system 
in a secure environment on the open platform computer system (col. 3, lines 50-52) comprising 
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the host facility (col. 3, lines 54-62); upon loading the software on the open platform computer 
system, validating the software by the use of a validator program residing in the open platform 
computer system in a secure fashion such that the validator program scans the software that is 
loaded in a secure environment (col. 4, lines 4-23); wherein the act of scanning and validating 
comprises running the code in an emulator for the open platform computer system within the 
secure environment for the emulator to run in, allowing the execution of the code to be examined 
for any new malicious routines as well as against known malicious signatures (col. 4, lines 4-23); 
marking the software as valid or invalid by the use of a flag (col. 4, lines 39-52 and col. 5, lines 
15-19); and, denying the software the ability to operate on any environment within the computer 
system if said validator fails to identify the software as valid in order to ensure the security of the 
open platform computer system (col. 2, lines 64-67). Although an "open platform" is not 
specifically discussed, Muttik et al. do not teach that the system is limited to a particular type of 
software. Muttik et al. teach that any software received and potentially malicious is analyzed, 
thus Muttik et al. support an "open platform computer system" for performing the above 
mentioned steps. 

Not explicitly disclosed is wherein said method operates on a computer system which 
comprises a portable computing device coupled to the host computer. However, Brody teaches a 
PDA coupled to a host device for personalization purposes. Furthermore, Brody et al. teach that 
one of the steps during the personalization process may be to scan the software before allowing it 
to be downloaded to the PDA to prevent from downloading an application with malicious code 
(par. 105). Therefore, it would have been obvious to a person in the art at the time the invention 
was made to modify the method disclosed in Muttik et al. to have the hand-held device coupled 
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to the host computer in order to carry out different functions on the portable device, where one of 
the functions includes the PDA having a validation program stored in a secure fashion in order to 
scan the software. This modification would have been obvious because a person having ordinary 
skill in the art, at the time the invention was made, would have been motivated to do so since 
Brody suggests that PDA's are used in conjunction with PC's in order to download applications 
because PDA's are highly mobile and the client can always have access to his/her PDA, as well 
as to validate an application before downloading it to the PDA, in par. 33, lines 1-30 and par. 
163. 

As per claim 4: 

Muttik et al. and Brody et al. substantially teach the method described in claim 1 . 
Furthermore, Brody et al. teach wherein said software is supplied by a third-party source (par. 33 
and par. 86). 
As per claim 5 : 

Muttik et al. and Brody et al. substantially teach the method described in claim 4. 
Furthermore, Brody et al. teach wherein said third-party software is for execution or other use on 
a palmtop computer (par. 33 and par. 86). 
As per claim 7: 

Muttik et al. and Brody et al. substantially teach the method described in claim 1 . Muttik 
et al. also teach a host computer (col. 3, lines 54-62). Furthermore, Muttik et al. teach that the 
computing environment allows for various computing systems, one of which may be a personal 
organizer (col. 3, lines 44-49). Not explicitly disclosed is wherein said method operates on a 
computer system which comprises a portable computing device coupled to said host computer 
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and wherein the validating operation is performed by the host computer for the portable 
computing device. However, Brody teaches a PDA coupled to a host device for personalization 
purposes. Therefore, it would have been obvious to a person in the art at the time the invention 
was made to modify the method disclosed in Muttik et al. to have the hand-held device coupled 
to the host computer in order to carry out different functions on the palmtop computing device. 
This modification would have been obvious because a person having ordinary skill in the art, at 
the time the invention was made, would have been motivated to do so since Brody suggests that 
PDA's are used in conjunction with PC's in order to download applications because PDA's are 
highly mobile and the client can always have access to his/her PDA in par. 33, lines 1-30. 
As per claim 8: 

Muttik et al. substantially teach a method of ensuring the security of an open platform 
computer system, comprising a validations program residing on the open platform computer 
system in a secure fashion that is configured for: validating the software by first scanning the 
software that is loaded in a secure environment (col. 4, lines 4-23); wherein the act of scanning 
and validating comprises running the code in an emulator for the open platform computer system 
within the secure environment for the emulator to run in, allowing the execution of the code to be 
examined for any new malicious routines as well as against known malicious signatures (col. 4, 
lines 4-23); marking the software as valid or invalid by the use of a flag (col. 4, lines 39-52 and 
col. 5, lines 15-19); and, denying the software the ability to operate on any environment within 
the computer system if the validator fails to identify the software as valid in order to ensure the 
security of said computer system (col. 2, lines 64-67). Although an "open platform" is not 
specifically discussed, Muttik et al. do not teach that the system is limited to a particular type of 
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software. Muttik et al. teach that any software received and potentially is analyzed, thus Muttik 
et al. support an "open platform computer system" for performing the above mentioned steps. 

Not explicitly disclosed is wherein said method operates on a computer system which 
comprises a portable computing device coupled to a host computer, wherein the portable 
computing device is configured to load software from the host computer to the portable 
computing device for operating on the portable computing device. However, Brody teaches a 
PDA coupled to a host device for personalization purposes. Furthermore, Brody et al. teach that 
one of the steps during the personalization process may be to scan the software before allowing it 
to be downloaded to the PDA to prevent from downloading an application with malicious code 
(par. 105). Therefore, it would have been obvious to a person in the art at the time the invention 
was made to modify the method disclosed in Mohammed et al. to have the hand-held device 
coupled to the host computer in order to carry out different functions on the portable device, 
where one of the functions includes the PDA having a validation program stored in a secure 
fashion in order to scan the software. This modification would have been obvious because a 
person having ordinary skill in the art, at the time the invention was made, would have been 
motivated to do so since Brody suggests that PDA's are used in conjunction with PC's in order 
to download applications because PDA's are highly mobile and the client can always have access 
to his/her PDA, as well as to validate an application before downloading it to the PDA, in par. 
33, lines 1-30 and par. 163. 
As per claim 9: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 8. 
Furthermore, Muttik et al. teach wherein said host computer is coupled to a network (col. 3, lines 
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54-62). 

As per claim 10: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 8. 
Furthermore, Brody teaches wherein the portable computing device is a handheld computing 
device (par. 33, lines 1-30). 
As per claim 1 1 : 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 8. 
Furthermore, Brody teaches wherein the portable computing device is a personal data assistant 
(par. 33, lines 1-30). 
As per claim 12: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 8. 
Furthermore, Brody teaches wherein the portable computing device is coupled to said host 
computer by an infrared device (par. 33, lines 25-30). 
As per claim 13: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 8. 
Furthermore, Brody teaches wherein the portable computing device is coupled to said host 
computer by an RF enabled device (par. 33, lines 25-30). 
As per claim 15: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 8. 
Muttik et al. further teach wherein said validation program is configured to evaluate software and 
attach a digital "valid" flag if the software is found to be clean of known security compromising 
routines or attach a digital "invalid" flag to the software if the software is not found to be clean of 
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known security compromising routines (col. 4, lines 39-52 and col. 5, lines 15-19). Furthermore, 
Brody et al. teach wherein the software is software supplied by a third-party (par. 33 and par. 
86). 

As per claim 16: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 15. 
Brody et al. further teach wherein said portable computing device is configured to load third- 
party software files with the digital "valid" flag attached and to refrain from loading third-party 
software files which have no flag attached or have the "invalid" flag attached (par. 33). 
As per claim 17: 

Muttik et al. and Brody et al. substantially teach the apparatus described claim 15. 
Furthermore, Brody teaches wherein said portable computing device is a personal data assistant 
(par. 33, lines 1-30). 
As per claim 18: 

Muttik et al. substantially teach a method of ensuring the security of an open platform 
computer system, comprising a validations program residing on the network that is configured 
for: validating the software by scanning files of the software in a secure environment (col. 4, 
lines 4-23); wherein the act of scanning and validating comprises running the code in an 
emulator for the open platform computer system within the secure environment for the emulator 
to run in, allowing the execution of the code to be examined for any new malicious routines as 
well as against known malicious signatures (col. 4, lines 4-23); marking the software as valid or 
invalid by the use of a flag (col. 4, lines 39-52 and col. 5, lines 15-19); and, denying the software 
the ability to operate on any environment within the computer system if the validator fails to 
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identify the software as valid in order to ensure the security of said computer system (col. 2, lines 
64-67). Although an "open platform" is not specifically discussed, Muttik et al. do not teach that 
the system is limited to a particular type of software. Muttik et al. teach that any software 
received and potentially malicious is analyzed, thus Muttik et al. support an "open platform 
computer system" for performing the above mentioned steps. 

Not explicitly disclosed is a handheld computing device coupled to a network, wherein 
the handheld computing device is configured to load software from the network to the handheld 
computing device for operation on the handheld computing device and performing the scans 
upon loading software to any environment of the handheld computing device. However, Brody 
teaches a PDA coupled to a host computer (which is in a secure networked environment) for 
personalization purposes. Furthermore, Brody et al. teach that one of the steps during the 
personalization process may be to scan the software before allowing it to be downloaded to the 
PDA to prevent from downloading an application with malicious code (par. 105). Therefore, it 
would have been obvious to a person in the art at the time the invention was made to modify the 
method disclosed in Mohammed et al. to have the hand-held device coupled to the host computer 
in order to carry out different functions on the portable device, where one of the functions 
includes the PDA having a validation program stored in a secure fashion in order to scan the 
software. This modification would have been obvious because a person having ordinary skill in 
the art, at the time the invention was made, would have been motivated to do so since Brody 
suggests that PDA's are used in conjunction with PC's in order to download applications because 
PDA's are highly mobile and the client can always have access to his/her PDA, as well as to 
validate an application before downloading it to the PDA, in par. 33, lines 1-30 and par. 163. 
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As per claim 20: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 18. 
Brody et al. further teach wherein said portable computing device is configured to load third- 
party software files with the digital "valid" flag attached and to refrain from loading third-party 
software files which have no flag attached or have the "invalid" flag attached (par. 33). 
As per claim 21: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 18. 
Muttik et al. further teach wherein said validation program is configured to evaluate software and 
attach a digital "valid" flag if the software is found to be clean of known security compromising 
routines or attach a digital "invalid" flag to the software if the software is not found to be clean of 
known security compromising routines (col. 4, lines 39-52 and col. 5, lines 15-19). Furthermore, 
Brody et al. teach wherein the software is software supplied by a third-party (par. 33 and par. 
86). 

V. Claims 6, 14, and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Muttik et al, US Patent No. 6,907,396 and Brody, US Pub. No. 2001/0051928 as applied to 
claims 1, 8, & 18 above, and further in view of Ginter et al, US Patent No. 6,948,070. 
As per claim 6: 

Muttik et al. and Brody et al. substantially teach the method described in claim 1 . Not 
explicitly disclosed is wherein said validator program is specially constructed to reside in a 
secure fashion in the host facility of said computer system. However, Ginter et al. teach the use 
of a tamper-resistant security barrier which could be included in any component in a network so 
that processes are ensured to be carried out within a secure environment. Therefore, it would 
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have been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Muttik et al. for the validator program to be contained within a secure environment 
in order to ensure that it has not been tampered with so that it correctly validates the 
software/application. This modification would have been obvious because a person having 
ordinary skill in the art, at the time the invention was made, would have been motivated to do so 
since Ginter et al. suggest that it is important to ensure that processes are carried out within a 
secure environment in col. 59, lines 48-59. 
As per claim 14: 

Muttik et al. and Brody et al. substantially teach the apparatus described in claim 8. Not 
explicitly disclosed is wherein said validation program resides in said host computer of the 
computer system in a fashion intended to be secure. However, Ginter et al. teach the use of a 
tamper-resistant security barrier which could be included in any component in a network so that 
processes are ensured to be carried out within a secure environment. Therefore, it would have 
been obvious to a person in the art at the time the invention was made to modify the apparatus 
disclosed in Muttik et al. for the validator program to be contained within a secure environment 
in order to ensure that it has not been tampered with so that it correctly validates the 
software/application. This modification would have been obvious because a person having 
ordinary skill in the art, at the time the invention was made, would have been motivated to do so 
since Ginter et al. suggest that it is important to ensure that processes are carried out within a 
secure environment in col. 59, lines 48-59. 
As per claim 19: 
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Muttik et al. and Brody et al. substantially teach the apparatus described in claim 18. Not 
explicitly disclosed is wherein said validation program resides in said computer network in a 
fashion intended to be secure. However, Ginter et al. teach the use of a tamper-resistant security 
barrier which could be included in any component in a network so that processes are ensured to 
be carried out within a secure environment. Therefore, it would have been obvious to a person in 
the art at the time the invention was made to modify the apparatus disclosed in Muttik et al. for 
the validator program to be contained within a secure environment in order to ensure that it has 
not been tampered with so that it correctly validates the software/application. This modification 
would have been obvious because a person having ordinary skill in the art, at the time the 
invention was made, would have been motivated to do so since Ginter et al. suggest that it is 
important to ensure that processes are carried out within a secure environment in col. 59, lines 
48-59. 
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The prior art made of record and not relied upon is considered pertinent to applicant's 
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1. US Patent No. 6,694,436 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Nadia Khoshnoodi/ 
Examiner, Art Unit 2437 
4/9/2009 

NK 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



